[6] | 1 | <?php |
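class data_users extends data
{
    // Lifetime of the session cookie set on login / logout: one year.
    // (The original hard-coded the "save password" flag on, so the cookie was always persistent.)
    const COOKIE_LIFETIME = 31536000;

    # ----------------------------------------------------------------------------------------
    # users
    #

    /**
     * Lists users (except id 1) together with their artiste record, if any.
     *
     * @param int         $start      row offset for paging; only applied when the "max_list" config value is set
     * @param bool|null   $is_artiste null = everyone; true = only users with an artiste row; false = only those without
     * @param string|null $alpha      when set, only usernames whose first character equals $alpha
     * @return array|false ['list' => rows keyed by user id, 'total' => row count before paging],
     *                     or false when the query layer throws
     */
    public function users($start = 0, $is_artiste = null, $alpha = null)
    {
        $users = ['list' => [], 'total' => 0];
        try {
            // "#--" is expanded by the query layer (presumably a table-prefix placeholder; not defined in this file).
            $select = 'SELECT #--pun_users.id, #--pun_users.username, #--artistes.id as id_artiste';
            $from = ' FROM #--pun_users LEFT JOIN #--artistes ON #--pun_users.id=#--artistes.pun_user';
            // The base clause is never empty, so every extra condition is appended with AND.
            $where = ' WHERE #--pun_users.id!=1';
            if (isset($alpha)) {
                // eq() is the base-class helper the original already used for this value;
                // it is expected to quote/escape $alpha - confirm in class data.
                $where .= ' AND LEFT(username, 1)='.$this->eq($alpha);
            }
            if (isset($is_artiste)) {
                $where .= ' AND #--artistes.id IS'.($is_artiste ? ' NOT' : '').' NULL';
            }
            $group_by = ' GROUP BY #--pun_users.id';
            // Both paging values are spliced into SQL unquoted, so they are forced to int here.
            $max_list = (int) $this->env->config('max_list');
            $limit = $max_list > 0 ? ' LIMIT '.$max_list.' OFFSET '.max(0, (int) $start) : '';

            $sql = 'SELECT count(*) as n FROM('.$select.$from.$where.$group_by.') res';
            $rst = $this->sql->query($sql);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $users['total'] = (int) $v_rst['n'];
            }
            $this->sql->free_result($rst);

            if ($users['total'] > 0) {
                $sql = 'SELECT * FROM('.$select.$from.$where.$group_by.$limit.') res';
                $rst = $this->sql->query($sql);
                while ($v_rst = $this->sql->fetch_assoc($rst)) {
                    $users['list'][$v_rst['id']] = $v_rst;
                }
                $this->sql->free_result($rst);
            }
        } catch (Exception $_e) {
            // Callers test for false; the exception itself is not surfaced (kept from the original).
            $users = false;
        }
        return $users;
    }

    /**
     * Fetches one user row by id.
     *
     * @param int $id user id; cast to int because it is spliced into SQL unquoted
     * @return array|false the row, [] when there is no such user, false when the query layer throws
     */
    public function user($id)
    {
        $user = [];
        try {
            $rst = $this->sql->query('SELECT * from #--pun_users WHERE id='.(int) $id);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $user = $v_rst;
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $user = false;
        }
        return $user;
    }

    # ----------------------------------------------------------------------------------------
    # admin
    #

    /**
     * Whether the user belongs to group 1 (the administrators group in this schema).
     *
     * @param int $user_id user id; cast to int before being spliced into SQL
     * @return bool false when the user is unknown, not in group 1, or the query layer throws
     */
    public function is_admin($user_id)
    {
        $is_admin = false;
        try {
            $rst = $this->sql->query('SELECT group_id FROM #--pun_users WHERE id='.(int) $user_id);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $is_admin = ((int) $v_rst['group_id'] === 1);
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $is_admin = false;
        }
        return $is_admin;
    }

    /**
     * Whether the user has a row in #--super_admins.
     *
     * @param int $user_id user id; cast to int before being spliced into SQL
     * @return bool false when there is no row or the query layer throws
     */
    public function is_super_admin($user_id)
    {
        $is_super_admin = false;
        try {
            $rst = $this->sql->query('SELECT * FROM #--super_admins WHERE id_pun_user='.(int) $user_id);
            if ($this->sql->fetch_assoc($rst)) {
                $is_super_admin = true;
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $is_super_admin = false;
        }
        return $is_super_admin;
    }

    /**
     * Whether the user administers the given artiste (row in #--artistes_admins).
     *
     * @param int $id_artise artiste id (parameter name kept as in the original)
     * @param int $pun_user  user id - an id here, unlike pun_logout() where $pun_user is the user record
     * @return bool false when there is no matching row or the query layer throws
     */
    public function is_artiste_admin($id_artise, $pun_user)
    {
        $is_artiste_admin = false;
        try {
            $sql = 'SELECT count(*) as n FROM #--artistes_admins WHERE id_artiste='.(int) $id_artise.' AND pun_user='.(int) $pun_user;
            $rst = $this->sql->query($sql);
            if ($v_rst = $this->sql->fetch_assoc($rst)) {
                $is_artiste_admin = ((int) $v_rst['n'] > 0);
            }
            $this->sql->free_result($rst);
        } catch (Exception $_e) {
            $is_artiste_admin = false;
        }
        return $is_artiste_admin;
    }

    # ----------------------------------------------------------------------------------------
    # log in / out
    #

    /**
     * Verifies a PunBB username/password pair and, only on success, performs PunBB's post-login
     * bookkeeping: verify the account on first login, drop the guest "online" entry, set the session cookie.
     *
     * Differences from the original: nothing is written and no cookie is set unless the password
     * matched; an unknown username returns false instead of falling through with null values;
     * hashes are compared with hash_equals() rather than '=='.
     *
     * @param string $form_username submitted username (escaped via $db->escape before use)
     * @param string $form_password submitted clear-text password
     * @param object $db            PunBB database layer (query/escape/fetch_row/error, ->prefix)
     * @return bool true when the credentials matched
     */
    public function pun_login_ok($form_username, $form_password, $db)
    {
        // $db_type (config) and $pun_config (config cache) are PunBB globals; the original read them
        // unqualified, so inside this method they were always undefined. TODO confirm the bootstrap
        // defines both before this is called.
        global $db_type, $pun_config;

        $escaped_username = $db->escape($form_username);
        $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli')
            ? 'username=\''.$escaped_username.'\''
            : 'LOWER(username)=LOWER(\''.$escaped_username.'\')';
        $result = $db->query('SELECT id, group_id, password FROM '.$db->prefix.'users WHERE '.$username_sql)
            or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());

        $row = $db->fetch_row($result);
        if (!$row) {
            return false; // unknown username: no side effects, no cookie
        }
        list($user_id, $group_id, $db_password_hash) = $row;
        $user_id = (int) $user_id;
        if ($db_password_hash === null || $db_password_hash === '') {
            return false; // an account without a stored hash can never authenticate
        }
        $db_password_hash = (string) $db_password_hash;

        // Legacy PunBB scheme: unsalted SHA-1 (40 hex chars) or, for rows not yet upgraded, MD5.
        // hash_equals() avoids the loose '==' on hex strings (numeric-looking hashes compare as
        // numbers) and timing differences; replacing the scheme itself is outside this method.
        $sha1_in_db = (strlen($db_password_hash) === 40);
        $sha1_available = function_exists('sha1') || function_exists('mhash');
        $form_password_hash = (string) pun_hash($form_password); // SHA-1 or MD5, depending on $sha1_available
        $authorized = false;
        if ($sha1_in_db && $sha1_available) {
            $authorized = hash_equals($db_password_hash, $form_password_hash);
        } elseif (!$sha1_in_db) {
            $authorized = hash_equals($db_password_hash, md5((string) $form_password));
            if ($authorized && $sha1_available) {
                // MD5 row but SHA-1 hashing is available: store the SHA-1 hash from now on.
                $db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($form_password_hash).'\' WHERE id='.$user_id)
                    or error('Impossible de modifier le mot de passe', __FILE__, __LINE__, $db->error());
            }
        }
        if (!$authorized) {
            return false;
        }

        // First successful login of an unverified account: move it to the configured default group.
        if ((int) $group_id === (int) PUN_UNVERIFIED && isset($pun_config['o_default_user_group'])) {
            $db->query('UPDATE '.$db->prefix.'users SET group_id='.(int) $pun_config['o_default_user_group'].' WHERE id='.$user_id)
                or error('Uimpossible de modifier le statut utilisateur', __FILE__, __LINE__, $db->error());
        }
        // Remove this user's guest entry from the online list.
        $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'')
            or error('Impossible de supprimer de la liste des utilisateur en ligne', __FILE__, __LINE__, $db->error());
        // PunBB session cookie (its value is the password hash, as PunBB expects); persistent for one year.
        pun_setcookie($user_id, $form_password_hash, time() + self::COOKIE_LIFETIME);
        return true;
    }

    /**
     * Logs the current user out: drops the "online" row, stores last_visit and replaces the
     * session cookie with a guest one.
     *
     * @param array  $pun_user current PunBB user record (is_guest, id, optionally logged)
     * @param object $db       PunBB database layer
     * @return bool false for guests or when the "id" query parameter is missing or names another user
     */
    public function pun_logout($pun_user, $db)
    {
        // The id in the query string must be the logged-in user's own id (compared strictly, as strings).
        if (!empty($pun_user['is_guest']) || !isset($_GET['id']) || !is_scalar($_GET['id'])
            || (string) $_GET['id'] !== (string) $pun_user['id']) {
            return false;
        }
        $user_id = (int) $pun_user['id'];
        // Remove user from "users online" list.
        $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$user_id)
            or error('Impossible de supprimer de la liste des utilisateur en ligne', __FILE__, __LINE__, $db->error());
        // Update last_visit (only when the record carries a "logged" timestamp to store).
        if (isset($pun_user['logged'])) {
            $db->query('UPDATE '.$db->prefix.'users SET last_visit='.(int) $pun_user['logged'].' WHERE id='.$user_id)
                or error('Impossible de modifier les données de visite de l\'utilisateur', __FILE__, __LINE__, $db->error());
        }
        // Replace the session cookie with a guest (id 1) cookie carrying a random value.
        pun_setcookie(1, random_pass(8), time() + self::COOKIE_LIFETIME);
        return true;
    }
}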
| 161 | ?> |